Network security systems are beginning to rely on network lookups (e.g. “cloud” based security software) to determine whether a program is malicious. Thus, current security products have to send requests to the cloud servers for objects under analysis. In some cases, the number of such objects may be high, which results in significant network bandwidth consumption.
Additionally, an increased amount of sent data for the clients and received data for the cloud servers generally means increased costs for maintaining the network infrastructure and a more expensive Internet connection. There is a need to reduce the amount of data sent from each client and received by the servers. There is also a need to reduce the amount of resources used from each client and the servers.
In some cases, the reduction in the number of sent queries may be achieved by performing operations such as consulting local copies of white-lists and black-lists. Further reduction may be possible by applying an anti-malware scanner. Still, even after these checks, the volume is likely to be too high and it would be beneficial to reduce it further. There is thus a need for overcoming these and/or other issues associated with the prior art.